HTTP PCCleaner Activity

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects activity of the misleading application PCCleaner.

Additional Information

PCCleaner is a misleading application that gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks.

When the program is run, it creates the following files:

* C:\Documents and Settings\All Users\Start Menu\Programs\PCCleaner2007\PCCleaner2007.lnk
* C:\Documents and Settings\All Users\Start Menu\Programs\PCCleaner2007\Uninstall PCCleaner2007.lnk
* %ProgramFiles%\PCCleaner2007\Appbase\AE_CD_Cr.dat
* %ProgramFiles%\PCCleaner2007\Appbase\AReadr4.dat
* %ProgramFiles%\PCCleaner2007\Appbase\AReadr5.dat
* %ProgramFiles%\PCCleaner2007\Appbase\ASDSEEpv.dat
* %ProgramFiles%\PCCleaner2007\Appbase\ASPack.dat
* %ProgramFiles%\PCCleaner2007\Appbase\Babylon.dat
* %ProgramFiles%\PCCleaner2007\Appbase\BDelphi5.dat
* %ProgramFiles%\PCCleaner2007\Appbase\CatchUp.dat
* %ProgramFiles%\PCCleaner2007\Appbase\CBuildr5.dat
* %ProgramFiles%\PCCleaner2007\Appbase\CCGA.dat
* %ProgramFiles%\PCCleaner2007\Appbase\CManager.dat
* %ProgramFiles%\PCCleaner2007\Appbase\CuteFTP4.dat
* %ProgramFiles%\PCCleaner2007\Appbase\CuteHTML.dat
* %ProgramFiles%\PCCleaner2007\Appbase\DAcceler.dat
* %ProgramFiles%\PCCleaner2007\Appbase\DiscJug.dat
* %ProgramFiles%\PCCleaner2007\Appbase\ECDCreat4.dat
* %ProgramFiles%\PCCleaner2007\Appbase\Far.dat
* %ProgramFiles%\PCCleaner2007\Appbase\FlashFXP.dat
* %ProgramFiles%\PCCleaner2007\Appbase\FrntPage.dat
* %ProgramFiles%\PCCleaner2007\Appbase\FrontPEx.dat
* %ProgramFiles%\PCCleaner2007\Appbase\FtpEXP.dat
* %ProgramFiles%\PCCleaner2007\Appbase\FtpVoya.dat
* %ProgramFiles%\PCCleaner2007\Appbase\GetRight.dat
* %ProgramFiles%\PCCleaner2007\Appbase\GoZilla.dat
* %ProgramFiles%\PCCleaner2007\Appbase\GravMRU.dat
* %ProgramFiles%\PCCleaner2007\Appbase\HomeSite.dat
* %ProgramFiles%\PCCleaner2007\Appbase\HotDogPr.dat
* %ProgramFiles%\PCCleaner2007\Appbase\H_TxtPad.dat
* %ProgramFiles%\PCCleaner2007\Appbase\IconExtr.dat
* %ProgramFiles%\PCCleaner2007\Appbase\iMesh.dat
* %ProgramFiles%\PCCleaner2007\Appbase\ImgReady3.dat
* %ProgramFiles%\PCCleaner2007\Appbase\InsShExp.dat
* %ProgramFiles%\PCCleaner2007\Appbase\JASC_P_P.dat
* %ProgramFiles%\PCCleaner2007\Appbase\KaZaA.dat
* %ProgramFiles%\PCCleaner2007\Appbase\LView.dat
* %ProgramFiles%\PCCleaner2007\Appbase\MacDir.dat
* %ProgramFiles%\PCCleaner2007\Appbase\MacDrWea.dat
* %ProgramFiles%\PCCleaner2007\Appbase\MicAng.dat
* %ProgramFiles%\PCCleaner2007\Appbase\MicDes.dat
* %ProgramFiles%\PCCleaner2007\Appbase\MMUnDisk.dat
* %ProgramFiles%\PCCleaner2007\Appbase\MM_CON.dat
* %ProgramFiles%\PCCleaner2007\Appbase\Morpheus.dat
* %ProgramFiles%\PCCleaner2007\Appbase\MPaint.dat
* %ProgramFiles%\PCCleaner2007\Appbase\MPicPub.dat
* %ProgramFiles%\PCCleaner2007\Appbase\MPImaGal.dat
* %ProgramFiles%\PCCleaner2007\Appbase\MSExplorer.dat
* %ProgramFiles%\PCCleaner2007\Appbase\MSoffice.dat
* %ProgramFiles%\PCCleaner2007\Appbase\MSRegEdit.dat
* %ProgramFiles%\PCCleaner2007\Appbase\MSWMP.dat
* %ProgramFiles%\PCCleaner2007\Appbase\MSWordPad.dat
* %ProgramFiles%\PCCleaner2007\Appbase\Nero.dat
* %ProgramFiles%\PCCleaner2007\Appbase\NetShow.dat
* %ProgramFiles%\PCCleaner2007\Appbase\NTBackup.dat
* %ProgramFiles%\PCCleaner2007\Appbase\pfilelst.xda
* %ProgramFiles%\PCCleaner2007\Appbase\PhotShel.dat
* %ProgramFiles%\PCCleaner2007\Appbase\PHPCoder.dat
* %ProgramFiles%\PCCleaner2007\Appbase\PowerZIP.dat
* %ProgramFiles%\PCCleaner2007\Appbase\RapidBr.dat
* %ProgramFiles%\PCCleaner2007\Appbase\RealAuPl.dat
* %ProgramFiles%\PCCleaner2007\Appbase\RealDown.dat
* %ProgramFiles%\PCCleaner2007\Appbase\SecurCRT.dat
* %ProgramFiles%\PCCleaner2007\Appbase\SL_BlWin.dat
* %ProgramFiles%\PCCleaner2007\Appbase\SmartClr.dat
* %ProgramFiles%\PCCleaner2007\Appbase\Sonique.dat
* %ProgramFiles%\PCCleaner2007\Appbase\StuffIt.dat
* %ProgramFiles%\PCCleaner2007\Appbase\TelepPro.dat
* %ProgramFiles%\PCCleaner2007\Appbase\UGifAnim.dat
* %ProgramFiles%\PCCleaner2007\Appbase\UltraEd.dat
* %ProgramFiles%\PCCleaner2007\Appbase\UMedStud.dat
* %ProgramFiles%\PCCleaner2007\Appbase\UPhImpV.dat
* %ProgramFiles%\PCCleaner2007\Appbase\UPhotoEx.dat
* %ProgramFiles%\PCCleaner2007\Appbase\UVidStud.dat
* %ProgramFiles%\PCCleaner2007\Appbase\VNC.dat
* %ProgramFiles%\PCCleaner2007\Appbase\WebFeret.dat
* %ProgramFiles%\PCCleaner2007\Appbase\WebReap.dat
* %ProgramFiles%\PCCleaner2007\Appbase\WinACE.dat
* %ProgramFiles%\PCCleaner2007\Appbase\WinGate.dat
* %ProgramFiles%\PCCleaner2007\Appbase\WiseInst.dat
* %ProgramFiles%\PCCleaner2007\Appbase\wordslst.xda
* %ProgramFiles%\PCCleaner2007\Appbase\YahooPl.dat
* %ProgramFiles%\PCCleaner2007\Appbase\YahooPl2.dat
* %ProgramFiles%\PCCleaner2007\Appbase\YahooPl3.dat
* %ProgramFiles%\PCCleaner2007\Appbase\ZipMagic.dat
* %ProgramFiles%\PCCleaner2007\lang\en_applications.lng
* %ProgramFiles%\PCCleaner2007\lang\en_browsers.lng
* %ProgramFiles%\PCCleaner2007\lang\en_customitems.lng
* %ProgramFiles%\PCCleaner2007\lang\en_main.lng
* %ProgramFiles%\PCCleaner2007\lang\en_messangers.lng
* %ProgramFiles%\PCCleaner2007\lang\en_tempfiles.lng
* %ProgramFiles%\PCCleaner2007\lang\en_windows.lng
* %ProgramFiles%\PCCleaner2007\lang\ru_applications.lng
* %ProgramFiles%\PCCleaner2007\lang\ru_browsers.lng
* %ProgramFiles%\PCCleaner2007\lang\ru_customitems.lng
* %ProgramFiles%\PCCleaner2007\lang\ru_main.lng
* %ProgramFiles%\PCCleaner2007\lang\ru_messangers.lng
* %ProgramFiles%\PCCleaner2007\lang\ru_tempfiles.lng
* %ProgramFiles%\PCCleaner2007\lang\ru_windows.lng
* %ProgramFiles%\PCCleaner2007\master.ini
* %ProgramFiles%\PCCleaner2007\plugins\appclean.dll
* %ProgramFiles%\PCCleaner2007\plugins\browsers.dll
* %ProgramFiles%\PCCleaner2007\plugins\browsers.ini
* %ProgramFiles%\PCCleaner2007\plugins\customitems.dll
* %ProgramFiles%\PCCleaner2007\plugins\messangers.dll
* %ProgramFiles%\PCCleaner2007\plugins\messangers.ini
* %ProgramFiles%\PCCleaner2007\plugins\tempfiles.dll
* %ProgramFiles%\PCCleaner2007\plugins\tempfiles.ini
* %ProgramFiles%\PCCleaner2007\plugins\windows.dll
* %ProgramFiles%\PCCleaner2007\plugins\windows.ini
* %ProgramFiles%\PCCleaner2007\Skins\BlueGauze\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\BlueGauze\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\BlueGauze\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\BlueGlass\Btn_Huge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\BlueGlass\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\BlueGlass\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\BlueIce\BG.JPG
* %ProgramFiles%\PCCleaner2007\Skins\BlueIce\Btn_Huge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\BlueIce\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\BlueIce\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\BluePlastic\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\BluePlastic\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\BluePlastic\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Cappuccino\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Cappuccino\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Cappuccino\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\DarkGlass\Bkgnd.jpg
* %ProgramFiles%\PCCleaner2007\Skins\DarkGlass\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\DarkGlass\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\DarkGlass\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Desert\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Desert\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Desert\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Elegant\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Elegant\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Elegant\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\FalloutStyle\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\FalloutStyle\fBG.jpg
* %ProgramFiles%\PCCleaner2007\Skins\FalloutStyle\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\FalloutStyle\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Golden\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Golden\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Golden\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\GrayPlastic\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\GrayPlastic\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\GrayPlastic\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\HeroesStyle\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\HeroesStyle\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\HeroesStyle\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Ledenets\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Ledenets\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Ledenets\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\LikeOperaStyle\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\LikeOperaStyle\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\LikeOperaStyle\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\LongHorn\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\LongHorn\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\LongHorn\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\MacMetal\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\MacMetal\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\MacMetal\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\MacOS\Biclose.bmp
* %ProgramFiles%\PCCleaner2007\Skins\MacOS\BIMAX.BMP
* %ProgramFiles%\PCCleaner2007\Skins\MacOS\BIMIN.BMP
* %ProgramFiles%\PCCleaner2007\Skins\MacOS\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\MacOS\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\MacOS\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\MacOS2\Biclose.bmp
* %ProgramFiles%\PCCleaner2007\Skins\MacOS2\BIMAX.BMP
* %ProgramFiles%\PCCleaner2007\Skins\MacOS2\BIMIN.BMP
* %ProgramFiles%\PCCleaner2007\Skins\MacOS2\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\MacOS2\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\MacOS2\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Neutral\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Neutral\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Neutral\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Neutral2\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Neutral2\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Neutral2\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Neutral3\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Neutral3\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Neutral3\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Neutral4\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Neutral4\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Neutral4\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\NextAlpha\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\NextAlpha\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\NextAlpha\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Office12Style\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Office12Style\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Office12Style\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Office2003\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Office2003\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Office2003\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Retro\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Retro\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Retro\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Retro\WOOD.JPG
* %ProgramFiles%\PCCleaner2007\Skins\Rhombus\Bg.jpg
* %ProgramFiles%\PCCleaner2007\Skins\Rhombus\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Rhombus\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Rhombus\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Sand\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Sand\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Sand\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Steam\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Steam\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Steam\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Terminal4bit\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Terminal4bit\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Terminal4bit\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\TheFrog\Bg.jpg
* %ProgramFiles%\PCCleaner2007\Skins\TheFrog\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\TheFrog\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\TheFrog\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Winter2003\BG.JPG
* %ProgramFiles%\PCCleaner2007\Skins\Winter2003\Btn_Huge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Winter2003\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Winter2003\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\WLM\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\WLM\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\WLM\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\WLM\TopRight.bmp
* %ProgramFiles%\PCCleaner2007\Skins\WMP11\ButtonHuge24.bmp
* %ProgramFiles%\PCCleaner2007\Skins\WMP11\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\WMP11\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\Wood\Bg.jpg
* %ProgramFiles%\PCCleaner2007\Skins\Wood\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Wood\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\Wood\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\XPLuna\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\XPLuna\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\XPLuna\Options.dat
* %ProgramFiles%\PCCleaner2007\Skins\XPSilver\ButtonHuge.bmp
* %ProgramFiles%\PCCleaner2007\Skins\XPSilver\Master.bmp
* %ProgramFiles%\PCCleaner2007\Skins\XPSilver\Options.dat
* %ProgramFiles%\PCCleaner2007\SysCleaner.exe
* %ProgramFiles%\PCCleaner2007\unins000.dat
* %ProgramFiles%\PCCleaner2007\unins000.exe



Next, the program creates the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCCleaner2007_is1

Affected

  • Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

Response

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan.
4. Delete any values added to the registry.
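
A read-only check for the install directory, Start Menu folder and uninstall subkey listed above, usable before and after the cleanup steps (an added example, not Symantec's code). The function name and the `ProgramFiles(x86)`, `ProgramData` and `WOW6432Node` locations are assumptions for 64-bit or newer Windows and do not come from this page.

```powershell
# Added triage example: reports which PCCleaner2007 artifacts named on this page
# exist on the local host. Read-only: nothing is deleted or modified.
function Get-PCCleaner2007Artifact {
    [CmdletBinding()]
    param()

    # %ProgramFiles%\PCCleaner2007 is from the page; the (x86) root is an assumption
    # covering a 32-bit installer on 64-bit Windows.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
    $dirs  = @($roots | ForEach-Object { Join-Path $_ 'PCCleaner2007' })

    # Start Menu folder as given on the page, plus the Vista-and-later location (assumption).
    # On Vista and later the legacy path is a junction, so the folder may be reported twice.
    $dirs += 'C:\Documents and Settings\All Users\Start Menu\Programs\PCCleaner2007'
    if ($env:ProgramData) {
        $dirs += Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\PCCleaner2007'
    }

    foreach ($dir in $dirs) {
        if (Test-Path -LiteralPath $dir -PathType Container) {
            $files = @(Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer })
            # The two executables the page lists in the install directory.
            $exes = @($files | Where-Object { $_.Name -in 'SysCleaner.exe', 'unins000.exe' } |
                ForEach-Object { $_.FullName })
            [pscustomobject]@{
                Type   = 'Directory'
                Path   = $dir
                Detail = "$($files.Count) files; executables: $($exes -join ', ')"
            }
        }
    }

    # Uninstall subkey from the page; the WOW6432Node view is an assumption for 64-bit hosts.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCCleaner2007_is1',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PCCleaner2007_is1'
    )
    foreach ($key in $keys) {
        if (Test-Path -LiteralPath $key) {
            # List the value names so the values to review in step 4 are visible.
            $names = (Get-Item -LiteralPath $key).GetValueNames()
            [pscustomobject]@{ Type = 'RegistryKey'; Path = $key; Detail = "values: $($names -join ', ')" }
        }
    }
}

Get-PCCleaner2007Artifact | Format-List
```

No output means none of the checked locations exist on the host. The script requires PowerShell 3.0 or later.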